Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Tradeadexchange


  • Please log in to reply
15 replies to this topic

#1 Gassa

Gassa

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:15 AM

Posted 03 December 2016 - 05:54 AM

Hi, this is my first posting, so a big hello to everyone :)

  

I have a problem with being diverted to tradeadexchange and other sites when I click a button on various websites, McAfee stops the sites loading sometimes. I have tried McAfee virus scan, Spybot , CCleaner and Malwarebytes Anti maleware  but still keep getting redirected.

Can anyone help!!

Please

 

Gary



BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • BC Advisor
  • 12,871 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:15 PM

Posted 03 December 2016 - 06:24 AM

Welcome to BC...

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
  • download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

When you have completed the scans above....do this:

 

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button when clicked will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next

post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you

will see a button when clicked will allow you to Copy and Paste that list in your next post. Please do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 Gassa

Gassa
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:15 AM

Posted 03 December 2016 - 12:04 PM

Hi Buddy here are the files:

1. Adwcleaner
2. JRT
3. Startup
4. Scheduled
5. Install
I hope they mean more to you than they do to me, thanks for taking the time.

Gary

1.
# AdwCleaner v6.040 - Logfile created 03/12/2016 at 17:27:32
# Updated on 02/12/2016 by Malwarebytes
# Database : 2016-12-02.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Gary - GARY-LAPTOP
# Running from : C:\Users\Gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NZACZF5H\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3345 Bytes] - [30/11/2016 09:25:39]
C:\AdwCleaner\AdwCleaner[C2].txt - [1355 Bytes] - [03/12/2016 17:27:32]
C:\AdwCleaner\AdwCleaner[S0].txt - [3116 Bytes] - [30/11/2016 09:24:04]
C:\AdwCleaner\AdwCleaner[S1].txt - [1750 Bytes] - [03/12/2016 14:03:29]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1574 Bytes] ##########

2.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Home Premium x64
Ran by Gary (Administrator) on 03/12/2016 at 17:38:00.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 18

Failed to delete: C:\Users\Gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1ODHIFLL (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Gary\Documents\add-in express (Folder)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Users\Gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1POX25PD (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7GZW61Z5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NZACZF5H (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1ODHIFLL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1POX25PD (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7GZW61Z5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NZACZF5H (Temporary Internet Files Folder)

Deleted the following from C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\elbrrn1t.default\prefs.js
user_pref(browser.search.order.1, Secure Search);
user_pref(browser.search.selectedEngine, Secure Search);



Registry: 3

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{188CE893-FDC8-4216-84AC-44D2B0EEF4DC} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03/12/2016 at 17:43:02.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

3.
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
No HKCU:Run GarminExpressTrayApp Garmin Ltd. or its subsidiaries "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
Yes HKCU:Run LightScribe Control Panel Hewlett-Packard Company C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
No HKCU:Run MFP and Storage Server
No HKCU:Run Spybot-S&D Cleaning Safer-Networking Ltd. "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
Yes HKCU:Run SpybotPostWindows10UpgradeReInstall Safer-Networking Ltd. "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
No HKLM:Run Easybits Recovery C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
Yes HKLM:Run EEventManager SEIKO EPSON CORPORATION "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
Yes HKLM:Run GrooveMonitor Microsoft Corporation "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
Yes HKLM:Run HotKeysCmds Intel Corporation C:\Windows\system32\hkcmd.exe
No HKLM:Run HP Software Update C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
Yes HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe
No HKLM:Run Magic Desktop for HP notification Easybits "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe"
Yes HKLM:Run Persistence Intel Corporation C:\Windows\system32\igfxpers.exe
Yes HKLM:Run RTHDVCPL Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
Yes HKLM:Run RtkOSD Realtek Semiconductor Corp. C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
Yes HKLM:Run SDTray Safer-Networking Ltd. "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
Yes HKLM:Run ShaPlus Bandwidth Meter "C:\Program Files (x86)\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" /s
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Yes HKLM:Run SynTPEnh Synaptics Incorporated %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
Yes HKLM:Run WirelessAssistant Hewlett-Packard C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
Yes Startup Common Install SafeKey FF RunOnce.lnk McAfee C:\Program Files (x86)\Common Files\lpuninstall.exe
Yes Startup Common Install SafeKey IE RunOnce.lnk McAfee C:\Program Files (x86)\Common Files\lpuninstall.exe
No Startup Common Update Notifier.lnk C:\PROGRA~1\WinZip\WZUPDA~1.EXE
No Startup Common WinZip Preloader.lnk C:\PROGRA~1\WinZip\WZPREL~1.EXE

4.
Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task CreateChoiceProcessTask Microsoft Corporation C:\Windows\System32\browserchoice.exe /launch
Yes Task EPSON XP-235 Series Update {59A215C3-0466-4182-BEEB-99CAA20B59E0} SEIKO EPSON CORPORATION C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSPFE.EXE /EXE:"{59A215C3-0466-4182-BEEB-99CAA20B59E0}" /F:"Update"
Yes Task EPSON XP-235 Series Update {90972E6A-208B-46E3-BA62-A169E1D6BB94} SEIKO EPSON CORPORATION C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSPFE.EXE /EXE:"{90972E6A-208B-46E3-BA62-A169E1D6BB94}" /F:"Update"
Yes Task GarminUpdaterTask Garmin International, Inc. C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA1cf8f7485b4efdd Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskMachineUA1d041463625c776 Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task HPCeeScheduleForGary Hewlett-Packard C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForGary (null)
Yes Task McAfee Remediation (Prepare) McAfee, Inc. C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe /prepare
Yes Task McAfeeLogon McAfee, Inc. C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe /platui
Yes Task RecoveryCDWin7 "C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe" RecoveryCDWin7 ShowMessageTask
Yes Task {7139C3A0-7BA6-46BB-B430-72187D5F9E20} F:\Setup.exe
Yes Task {93699E0E-F962-4549-ACD2-6F2A30F3E617} F:\Setup.exe

5.
Acrobat.com Adobe Systems Incorporated 23/01/2010 1.60 MB 1.6.65
Adobe Acrobat Reader DC Adobe Systems Incorporated 05/11/2016 293 MB 15.020.20042
Adobe AIR Adobe Systems Incorporated 08/09/2016 22.0.0.153
Adobe Flash Player 23 ActiveX Adobe Systems Incorporated 09/11/2016 4.77 MB 23.0.0.207
Adobe Shockwave Player 12.1 Adobe Systems, Inc. 08/08/2014 12.1.3.153
Atheros Driver Installation Program Atheros 11/02/2010 5.2
CCleaner Piriform 14/08/2016 5.20
Compatibility Pack for the 2007 Office system Microsoft Corporation 13/11/2016 376 MB 12.0.6612.1000
CyberLink DVD Suite CyberLink Corp. 23/01/2010 37.3 MB 7.0.2216
CyberLink MediaShow CyberLink Corp. 11/02/2010 352 MB 4.1.3419
CyberLink PowerDVD 8 CyberLink Corp. 11/02/2010 111 MB 8.0.1.1110
CyberLink YouCam CyberLink Corp. 11/02/2010 136 MB 3.0.2201
Epson Event Manager Seiko Epson Corporation 15/12/2015 46.4 MB 3.10.0050
EPSON Manuals SEIKO EPSON CORPORATION 15/12/2015 848 KB 1.50.0.0
Epson Printer Connection Checker SEIKO EPSON CORPORATION 17/12/2015 1.12 MB 1.0.1.0
EPSON Scan Seiko Epson Corporation 15/12/2015
EPSON XP-235 Series Printer Uninstall Seiko Epson Corporation 15/12/2015
EpsonNet Print SEIKO EPSON Corporation 15/12/2015 12.2 MB 3.1.2.0
Free Zip 9.20 Somoto Ltd 17/12/2013
Garmin Express Garmin Ltd or its subsidiaries 02/12/2016 168 MB 4.5.0.0
Garmin USB Drivers Garmin Ltd or its subsidiaries 20/12/2014 573 KB 2.3.1.0
Garmin VoiceStudio v2.40 Garmin Ltd or its subsidiaries 20/12/2014 6.49 MB 2.40.0.0
Google Chrome Google Inc. 04/09/2013 54.0.2840.99
Google Earth Google 17/10/2016 178 MB 7.1.7.2606
Google Toolbar for Internet Explorer Google Inc. 23/11/2016 7.5.8231.2252
Guitar Pro 5.1 Arobas Music 24/04/2016
HP Games WildTangent 11/02/2010 1.0.0.71
HP Wireless Assistant Hewlett-Packard 23/01/2010 3.87 MB 3.50.9.1
Intel® Graphics Media Accelerator Driver Intel Corporation 04/09/2013 8.15.10.2008
Intel® Management Engine Components Intel Corporation 04/09/2013 6.0.0.1179
Intel® Matrix Storage Manager Intel Corporation 11/02/2010
iSEEK AnswerWorks English Runtime Vantage Linguistics 10/10/2013 4.77 MB 010.000.0101
Java 8 Update 111 Oracle Corporation 03/11/2016 94.1 MB 8.0.1110.14
LabelPrint CyberLink Corp. 23/01/2010 280 MB 2.5.2215
LightScribe System Software LightScribe 11/02/2010 23.9 MB 1.18.9.1
Malwarebytes Anti-Malware version 2.2.1.1043 Malwarebytes 02/12/2016 66.8 MB 2.2.1.1043
McAfee Internet Security McAfee, Inc. 13/11/2016 15.0.2059
McAfee SafeKey(uninstall only) McAfee, Inc. 08/03/2015 2.1.10
McAfee Virtual Technician McAfee, Inc. 10/10/2013 7.1.0.2483
McAfee WebAdvisor McAfee, Inc. 10/11/2016 4.0.164
MFP and Storage Server TP-LINK 07/09/2013 2.97 MB 0.09.1006.0040
Microsoft .NET Framework 4.6.1 Microsoft Corporation 02/09/2016 38.8 MB 4.6.01055
Microsoft Office Enterprise 2007 Microsoft Corporation 27/09/2013 12.0.6612.1000
Microsoft Office File Validation Add-In Microsoft Corporation 29/08/2016 10.9 MB 14.0.5130.5003
Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Corporation 13/11/2016 127 MB 12.0.6612.1000
Microsoft Office Suite Activation Assistant Microsoft Corporation 23/01/2010 8.36 MB 2.9
Microsoft Silverlight Microsoft Corporation 19/10/2016 497 MB 5.1.50901.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 23/01/2010 1.72 MB 3.1.0000
Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Corporation 11/02/2010 625 KB 1.0.1215.0
Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Corporation 11/02/2010 1.44 MB 1.0.1215.0
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 27/09/2013 300 KB 8.0.61001
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 11/02/2010 788 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 27/09/2013 788 KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 11/02/2010 596 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 27/09/2013 600 KB 9.0.30729.6161
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 Microsoft Corporation 19/12/2014 17.1 MB 12.0.21005.1
Microsoft Works Microsoft Corporation 27/09/2013 563 MB 9.7.0621
Microsoft Works 6-9 Converter Microsoft Corporation 04/11/2013 1.17 MB 14.0.6120.5002
Mozilla Firefox 44.0.1 (x86 en-GB) Mozilla 19/02/2016 86.6 MB 44.0.1
Mozilla Maintenance Service Mozilla 19/02/2016 375 KB 44.0.1
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 13/10/2013 1.27 MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 13/10/2013 1.33 MB 4.20.9876.0
muvee Reveal muvee Technologies Pte Ltd 11/02/2010 157 MB 7.0.43.11502
MyEpson Portal SEIKO EPSON Corporation 15/12/2015
PL-2303 USB-to-Serial Prolific Technology INC 28/11/2016 1.7.0
Power2Go CyberLink Corp. 23/01/2010 199 MB 6.0.3415
PowerDirector CyberLink Corp. 23/01/2010 547 MB 7.0.3420
Quicken 2013 Intuit 10/10/2013 91.5 MB 22.1.12.7
Realtek Ethernet Controller Driver For Windows Vista and Later Realtek 11/02/2010 1.00.0011
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 20/02/2014 6.0.1.6206
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 11/02/2010 6.1.7600.30105
RtVOsd Realtek Semiconductor Corp. 20/02/2014 1.53 MB 1.0.6
ShaPlus Bandwidth Meter 1.4 ShaPlus Software 27/02/2014 1.4
Software Updater SEIKO EPSON CORPORATION 15/12/2015 10.0 MB 4.3.7
Spybot - Search & Destroy Safer-Networking Ltd. 15/11/2013 132 MB 2.2.25
SpyHunter 4 Enigma Software Group, LLC 01/12/2016 4.24.3.4750
Synaptics Pointing Device Driver Synaptics Incorporated 03/09/2013 46.4 MB 15.3.29.0
System Requirements Lab Husdawg, LLC 27/02/2015 562 KB 6.1.1.0
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) Dynastream Innovations, Inc. 19/12/2014 04/11/2012 1.2.40.201
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) Garmin 20/12/2014 04/19/2012 2.3.1.0
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) Silicon Labs Software 19/12/2014 02/06/2007 3.1
Windows Live Essentials Microsoft Corporation 23/01/2010 14.0.8089.0726
Windows Live Sign-in Assistant Microsoft Corporation 23/01/2010 1.93 MB 5.000.818.5
Windows Live Sync Microsoft Corporation 23/01/2010 2.78 MB 14.0.8089.726
Windows Live Upload Tool Microsoft Corporation 23/01/2010 224 KB 14.0.8014.1029

#4 buddy215

buddy215

  • BC Advisor
  • 12,871 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:15 PM

Posted 03 December 2016 - 12:41 PM

Suggest Disabling these Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

Yes HKCU:Run SpybotPostWindows10UpgradeReInstall Safer-Networking Ltd. "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"

Yes HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe

Yes HKLM:Run SDTray Safer-Networking Ltd. "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"

Yes Startup Common Install SafeKey FF RunOnce.lnk McAfee C:\Program Files (x86)\Common Files\lpuninstall.exe (Unless you actually use this in IE and Firefox)
Yes Startup Common Install SafeKey IE RunOnce.lnk McAfee C:\Program Files (x86)\Common Files\lpuninstall.exe

 

Disable these Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes Task CreateChoiceProcessTask Microsoft Corporation C:\Windows\System32\browserchoice.exe /launch
Yes Task EPSON XP-235 Series Update {59A215C3-0466-4182-BEEB-99CAA20B59E0} SEIKO EPSON CORPORATION C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSPFE.EXE /EXE:"{59A215C3-0466-4182-BEEB-99CAA20B59E0}" /F:"Update"
Yes Task EPSON XP-235 Series Update {90972E6A-208B-46E3-BA62-A169E1D6BB94} SEIKO EPSON CORPORATION C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSPFE.EXE /EXE:"{90972E6A-208B-46E3-BA62-A169E1D6BB94}" /F:"Update"
Yes Task GarminUpdaterTask Garmin International, Inc. C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe

Yes Task GoogleUpdateTaskMachineUA1cf8f7485b4efdd Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskMachineUA1d041463625c776 Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task HPCeeScheduleForGary Hewlett-Packard C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForGary (null)

I think the three tasks below can be Disabled if you have created a Recovery CD for your Windows 7 installation.

Yes Task RecoveryCDWin7 "C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe" RecoveryCDWin7 ShowMessageTask
Yes Task {7139C3A0-7BA6-46BB-B430-72187D5F9E20} F:\Setup.exe
Yes Task {93699E0E-F962-4549-ACD2-6F2A30F3E617} F:\Setup.exe

 

Uninstall these programs: Use Download Revo Uninstaller Freeware to uninstall the programs...especially SpyHunter.

Acrobat.com Adobe Systems Incorporated 23/01/2010 1.60 MB 1.6.65

Google Toolbar for Internet Explorer Google Inc. 23/11/2016 7.5.8231.2252

HP Games WildTangent 11/02/2010 1.0.0.71

McAfee WebAdvisor McAfee, Inc. 10/11/2016 4.0.164

Mozilla Firefox 44.0.1 (x86 en-GB) Mozilla 19/02/2016 86.6 MB 44.0.1 (Or Update to 50.0.2)
Mozilla Maintenance Service Mozilla 19/02/2016 375 KB 44.0.1

Spybot - Search & Destroy Safer-Networking Ltd. 15/11/2013 132 MB 2.2.25 (lost favor from the pros years ago)
SpyHunter 4 Enigma Software Group, LLC 01/12/2016 4.24.3.4750 (If you purchased this be aware that you will be charged every 6 months)

 

Please let me know after doing the above and rebooting if the problem described in your opening post still exists or not. If it doesn't happen every day, give it a few days before confirming the problem is gone. The two scans did remove what could of been the cause.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#5 Gassa

Gassa
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:15 AM

Posted 04 December 2016 - 03:47 AM

Hi, have do done all you suggested and will monitor it, Question, why uninstall McAfee webadviser?
Thanks, will keep you posted.
G.

#6 buddy215

buddy215

  • BC Advisor
  • 12,871 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:15 PM

Posted 04 December 2016 - 06:38 AM

It is poorly maintained, misleading and your browsers...Firefox and Chrome....do a good job of warning you and blocking malicious websites.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#7 Gassa

Gassa
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:15 AM

Posted 05 December 2016 - 03:07 AM

Hi Buddy, unfortunately the problem still exists, 3 times I was diverted to Tradeadexchange in 10 mins this morning, once was clicking the link in the email to write this!

Gary

#8 Gassa

Gassa
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:15 AM

Posted 05 December 2016 - 03:21 AM

"once was clicking the link in the email to write this!"
Sorry that did not happen, my mistake.
G

#9 buddy215

buddy215

  • BC Advisor
  • 12,871 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:15 PM

Posted 05 December 2016 - 04:31 AM

I'm assuming this is happening in your Google Chrome browser.

 

Uninstall Google Chrome including your profile. While selecting to uninstall you will be asked if you want to include your profile...be sure to uninstall that, too.

 

You can backup your Chrome bookmarks before uninstalling if you don't have the same bookmarks in Firefox to import.

Import or export bookmarks - Chrome Help


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#10 Gassa

Gassa
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:15 AM

Posted 05 December 2016 - 05:17 AM

Hi, No I rarely use Goggle Chrome, I use IE.

G.

#11 buddy215

buddy215

  • BC Advisor
  • 12,871 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:15 PM

Posted 05 December 2016 - 06:58 AM

Let's see if Zemana can find the culprit. But first look through IE's add-ons for anything you don't recognize and disable it or if it

specifically mentions TradeExchange...delete it.

 

ZEMANA ANTIMALWARE DOWNLOAD LINK (This link will start the download of “Zemana AntiMalware”)Double-click on the file named “Zemana.AntiMalware.Setup.exe” to start the installation of Zemana AntiMalware.

Click on the “Next” button, to install Zemana AntiMalware on your computer.

When Zemana AntiMalware will start, click on the “Scan” button.

Zemana AntiMalware will now scan computer for malicious files. This process can take up to 10 minutes.

When Zemana AntiMalware has finished it will display a list of all the malware that the program found. Click on the “Next” button, to remove the malicious files from your computer.

At the end a system reboot may be required to remove all traces of malware.

 

If the above doesn't fix  the problem...you will need to reset IE.

Open Internet Explorer, click on the “gear icon”  in the upper right part of your browser, then click again on Internet Options.

In the “Internet Options” dialog box, click on the “Advanced” tab, then click on the “Reset” button.

In the “Reset Internet Explorer settings” section, select the “Delete personal settings” check box, then click on “Reset” button.

When Internet Explorer has completed its task, click on the “Close” button in the confirmation dialogue box. You will now  need to close your browser, and then you can open Internet Explorer again.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#12 Gassa

Gassa
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:15 AM

Posted 05 December 2016 - 09:08 AM

Hi, Zemana found 1 threat, I've posted the file below, checked the add-ons and found nothing, will monitor again and if it continues will reset IE.

Zemana AntiMalware 2.70.189.25 (Installed)

-------------------------------------------------------
Scan Result : Completed
Scan Date : 2016/12/5
Operating System : Windows 7 64-bit
Processor : 4X Intel® Core™ i3 CPU M 330 @ 2.13GHz
BIOS Mode : Legacy
CUID : 12A2CF81D7BA04135431E1
Scan Type : System Scan
Duration : 8m 41s
Scanned Objects : 55825
Detected Objects : 1
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Proxy Auto Config
Status : Scanned
Object : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Setting
Cleaning Action : Delete
Related Objects :
Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL = http://none-stops.net/wpad.dat?4adc8ee635b19ee7d14a50fc7444a28c20357427

#13 buddy215

buddy215

  • BC Advisor
  • 12,871 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:15 PM

Posted 05 December 2016 - 09:17 AM

That's a good plan....it's possible what Zemana found is the culprit. Run CCleaner, too.


Edited by buddy215, 05 December 2016 - 09:17 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#14 Gassa

Gassa
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:15 AM

Posted 05 December 2016 - 09:54 AM

Have now had to reset IE, hopefully this will solve my problem.

 

G.



#15 Gassa

Gassa
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:15 AM

Posted 07 December 2016 - 02:23 AM

Hi, I have not had a redirection since resetting IE, so I reckon I'm cured!! Thanks very much for your help and time.

 

Cheers

Gary






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users